Back to skill

Security audit

Overleaf

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Overleaf helper skill, but users should treat the Overleaf session cookie like a password.

Install only if you trust the olcli package and publisher. Treat the Overleaf session cookie as account access: avoid pasting it into shared terminals or logs, keep .olauth and config files out of git and shared folders, use logout or revoke the browser session if it is exposed, and review changes before push or sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to pass an Overleaf session cookie directly on the command line via `olcli auth --cookie "SESSION_COOKIE"` without any warning about credential sensitivity. Command-line secrets can be exposed through shell history, process listings, terminal logging, or agent telemetry, so this guidance increases the chance of credential leakage and account compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to retrieve and paste the `overleaf_session2` browser session cookie into a CLI without clearly warning that this cookie is a high-value secret that can grant full access to the user's Overleaf account. That omission increases the chance users will mishandle, log, share, or persist the token insecurely, enabling account compromise if the cookie is exposed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to extract a live authenticated session cookie and store it in environment variables or plaintext local files without warning that this credential grants account access and may be stolen from shell history, project directories, backups, or shared systems. In the context of an Overleaf CLI, this is especially risky because the cookie likely provides direct access to private projects and account actions, so disclosure can lead to account compromise and document exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.